Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winlog' = '%APPDATA%\winlog.exe'
- hostproc.exe
- %TEMP%\applaunch\app.ine
- %APPDATA%\winlog.exe
- %TEMP%\applaunch\hostproc.exe
- from %TEMP%\applaunch\app.ine to %TEMP%\applaunch\hostproc.exe
- DNS ASK ru####x.zapto.org
- '%TEMP%\applaunch\hostproc.exe'